Webinar Replay

Recorded Webinars

  • Cisco CSIRT Case Study: Forensic Investigations with NetFlow
    August 21, 2014

    Cisco CSIRT uses NetFlow to collect 16 billion flows from Cisco’s 175TB of traffic observed daily. The data is used to monitor, investigate, and contain incidents using 3 key playbook "plays" each day.

    Two leaders from Cisco's Computer Security Incident Response Team (CSIRT) review a real cyber incident and the resulting investigation leveraging NetFlow collected via the StealthWatch System.

    Learn how to use NetFlow and the StealthWatch System to:

    • Investigate top use cases: C&C discovery, data loss and DoS attacks
    • Gain contextual awareness of network activity
    • Accelerate incident response
    • Minimize costly outages and downtime from threats
    • Protect the evolving network infrastructure
    • Provide forensic evidence to prosecute adversaries


  • Needs of a Modern Incident Response Program
    June 11, 2014

    Recent high-profile data breaches highlight a dire need for improved incident response. Despite this fact, a recent survey indicated that typically, less than 10 percent of organizations’ security budgets are used for incident response activities.

    So how do we beef up incident response? Join Lancope and SANS to learn:

    • What your CSIRT should look like
    • Which processes, policies and best practices can be implemented to maximize its success
    • The tools required for your CSIRT to relentlessly hunt for and thwart advanced attackers 


  • Securing the Data Center
    May 15, 2014

    In light of the constant wave of security breaches making headlines around the world, many organizations are bolstering their network defenses with perimeter- and signature-based technologies. Unfortunately, these tools provide little protection for the data center where the majority of corporate assets and data are stored. 

    Join Lancope to learn how to protect the data center from dangerous attacks including advanced malware, APTs, insider threats and DDoS. Leverage your existing network resources to:

    • Obtain in-depth visibility into the data center, including virtual systems 
    • Quickly detect and address anomalies that could signify risks
    • Prevent devastating data loss
    • Accelerate incident response
    • Improve forensics and compliance


  • Insider Threat: Hunting for Authorized Evil
    April 25, 2014

    Despite the fact that external attacks often get more attention in the media, recent data is proving that the threat posed by malicious, negligent or compromised insiders is indeed very real.

    The best way to detect and prevent insider threats is to have in-depth visibility into the internal environment and a means of filtering and prioritizing the massive amount of data available on the network into concise, actionable intelligence.

    Join Lancope’s Director of Research, Tom Cross, to learn strategies for managing the insider threat problem from both a business and technical point of view and discuss different techniques for identifying suspicious activity in large collections of data.

    Learn how to:

    • Detect insider threats
    • Identify their network activity
    • Incorporate best practices to protect your organization from the insider threat

  • The OODA Loop: A Holistic Approach to Cyber Security
    March 27, 2014
    • Understand how the motives and techniques of online attackers have changed over the last couple of decades
    • Realize why conventional security tools like firewalls and antivirus are no longer enough to fend off today’s advanced threats, and why more holistic cyber security strategies are needed
    • Know about the “OODA loop” and how it can be applied to cyber security to protect IT infrastructure and data from advanced adversaries
    • Understand how network data such as NetFlow can be cost-effectively collected and analyzed to feed and speed up your OODA loop
    • Have a strategy for dramatically improving incident response and forensics


  • Ponemon Report: Cyber Security Incident Response: Are we as prepared as we think?
    January 29, 2014

    According to a recent study conducted by the Ponemon Institute, most organizations are ill-prepared to fend off the continuous onslaught of advanced cyber-attacks facing today’s governments and enterprises.

    Learn about the key mistakes organizations are making when it comes to incident response, presented by the chairman and founder of the Ponemon Institute, Dr. Larry Ponemon, and Lancope’s director of security research, Tom Cross. Then learn about how the right mix of people, processes and technology can dramatically improve your incident response efforts and elevate the importance of the CSIRT within your organization.

  • Cisco, Sourcefire and Lancope - Better Together
    February 28, 2014

    Technology overview for Sourcefire FireSIGHT and Lancope StealthWatch including: 

    • Core features and functionality 
    • Market positioning and differentiators 
    • Technology integration for effective incident response
  • Continuous Network Visibility to Combat Advanced Cyber Threats
    May 24, 2012

    Attendees will learn how to:

    • Create a distributed sensor grid for continuous visibility
    • Use flow-based network behavioral analysis to protect against cyber threats
    • Demonstrate compliance (NIST 800, CNCI, TIC)

  • Cisco Cat6K Sup2T & StealthWatch: Bulletproof NetFlow-based Monitoring for the Network Core
    August 17, 2011

    Discover how to effectively leverage NetFlow for comprehensive, end-to-end network visibility and forensic intelligence to quickly and efficiently troubleshoot a wide range of network performance and security issues.

    Learning points:

    • Improvements over previous Catalyst 6500 Generations
    • Use NetFlow for security, network performance and forensics
    • Get advanced Flexible NetFlow features from almost any point in the network
    • Reduce the need for expensive, packet-based technologies
    • Increase IT staff’s operational readiness

  • Finally! Cisco Adds NetFlow Support to the 3750X and 3560X Switches
    June 08, 2011

    Learn how you can get NetFlow from your Cisco Catalyst 3KX to gain in-depth visibility into network traffic and its patterns for usage/billing, monitoring/security and capacity planning.

    Attendees will learn how to:

    • Increase network visibility
    • Detect traffic patterns and data usage trends
    • Identify types of applications in different parts of the network
    • Mitigate network attacks
    • Enforce policies to limit access
    • Deduplicate NetFlow per-interface

  • Maximize Internal Network Visibility using NetFlow and Cisco’s New Catalyst 4500 Switch
    March 23, 2011

    With technology trends like IT consumerization and virtualization invading the enterprise, it is becoming infinitely more difficult to obtain visibility into the corporate network. To help address this challenge, Cisco has recently added true, flexible NetFlow support to its Catalyst 4500 series of switches.

    Through the use of flow-based monitoring tools such as Lancope’s StealthWatch, organizations can leverage existing infrastructure like the Catalyst 4500 to gain end-to-end network visibility and actionable insight for improved performance and security.

    Join Lancope and Cisco to learn about how these advanced features and increased intelligence can be used to vastly improve your network and security operations.


  • What’s New in StealthWatch v6.5
    April 21, 2014

    Lancope’s latest release includes an intuitive Web interface and sophisticated alarming capabilities for enhanced usability, security analytics and early threat detection. The new version further improves incident response and network forensics for fending off today’s advanced attacks. Specific new features include:

    • The Operational Network & Security Intelligence (ONSI) dashboard, which keeps track of the attacker’s “kill chain,” providing administrators with awareness of how far attacks are progressing within their networks.
    • New “data hoarding” alarms that detect attackers who are moving stolen data around within internal networks or preparing it for exfiltration.
    • StealthWatch® Labs Security Updates that provide constantly updated, automated security capabilities in the StealthWatch System to detect the latest threats.
    • User-defined Threat Criteria, which enable administrators to monitor their networks for targeted attack activity based on specific threat intelligence.

  • HP Protects Massive, Global Network with StealthWatch
    November 19, 2013

    Learn how HP relies on StealthWatch, along with its own HP Vertica solution, to:

    • improve network visibility and security across its enormously complex, global network
    • obtain in-depth information that enables its security teams to act more quickly and minimize potential damage
    • quickly detect anomalous activity, such as DDoS, malware and network misuse

    “Network-based anomaly detection is a critical component of any enterprise cyber security framework…Lancope has proven to be a very effective addition to our cyber security arsenal.” 
    – Jim O’Shea, Network Security Architect, HP

  • How Central Michigan University Improves Network Visibility, Performance and Security
    December 08, 2010

    Learn how CMU uses Lancope's StealthWatch System to increase network visibility, enhance network security and improve network performance across its massive 16,000-node network.

    Specifically, you'll discover how CMU utilizes StealthWatch to:

    • Enhance visibility across its entire network for faster Mean Time to Know (MTTK)
    • Improve security decision-making
    • Detect and mitigate external threats
    • Monitor and detect anomalies on internal hosts
    • Identify machines/users running P2P applications
    • Determine root causes of network slowdowns

  • Concord Hospital Case Study: Performance Management through Network Visibility and Security
    February 26, 2009

    Learn how to use flow-based technologies to:

    • Gain real-time visibility of applications and hosts on the network
    • Enforce acceptable usage policies
    • Rapidly troubleshoot network issues
    • Pinpoint problem segments
    • Ensure maximum network availability

  • Network Behavior Monitoring & Control: A Case Study by Binghamton University
    November 20, 2008

    Learn how to:

    • Gain real-time visibility at the edge and core of the network
    • Isolate the root cause of problems on the network
    • Proactively monitor for threats impacting network and application availability
    • Enforce policy at the edge of the network to provide maximum security
    • Promote network performance and availability
    • Gain layered, defense-in-depth security

  • Protecting Retail Data from Cyber-Attacks
    February 12, 2014

    Learn key concepts and techniques that will help you rapidly enhance your current cyber security efforts.

    • Get a complete view of what is currently happening in the retail industry
    • Understand the concepts of NetFlow and how it can greatly enhance security efforts
    • Learn how attacks are injected into the network from the POS system, and ways to detect and remediate these attacks
    • Establish a means to recognize data exfiltration and learn techniques to prevent it

  • Defending Healthcare Networks with NetFlow
    October 30, 2013

    Learn how flow-based monitoring can help healthcare providers:

    • Obtain the network visibility needed to quickly detect sophisticated attacks that evade conventional defenses
    • Ensure round-the-clock access to mission-critical technologies, including dialysis machines, heart monitors, etc., regardless of the range and number of devices connected to the network
    • Defend healthcare networks and patient data from potential security and compliance breaches

  • Hunting Attackers with Network Audit Trails
    September 27, 2013

    Apply network logging technologies such as NetFlow and IPFIX to the problem of detecting sophisticated, targeted attacks and create an audit trail of network activity.

    • Discover active attacks in each phase of the attacker’s “kill chain.”
    • Determine the scope of successful breaches and document the timeline of the attacks

  • Monitoring the Data Center
    August 22, 2013

    Learn how to protect the data center from dangerous attacks including advanced malware, APTs, insider threats and DDoS. Leverage your existing network resources to:

    • Obtain in-depth visibility into the data center, including virtual systems 
    • Quickly detect and address anomalies that could signify risks
    • Prevent devastating data loss
    • Improve incident response, forensics and compliance

  • The Insider Threat
    July 30, 2013

    Traits exhibited by your best, smartest, and hardest working employee can be the same as those of the malicious (or sometimes even unwitting) insider.

    Learn how to:

    • Spot insider threats
    • Identify their network activity
    • Incorporate best practices to protect your organization from the insider threat

  • SCADA Security: The Five Stages of Cyber Grief
    May 15, 2013

    Lancope’s Director of Security Research, Tom Cross, examines the five stages of grief that organizations seem to pass through as they come to terms with security risks, and how far we’ve come regarding Industrial Control Systems.

    Hear about:

    • The state of Control System security vulnerabilities
    • Attack activity that is prompting a change in perspective
    • The unique, long-term challenges associated with protecting SCADA networks
    • How anomaly detection can play a key role in protecting SCADA systems now

  • LinkedIn to Your Network - The Social Engineering Threat
    May 01, 2013

    By nature, humans are inclined to trust. Unfortunately, attackers are often successful in breaching large enterprises by targeting specific individuals and utilizing social engineering to obtain confidential information. Once an adversary is able to gain enough data through social media or other channels, they can pose as an authentic user with valid credentials, bypassing traditional security measures. 

    Join Lancope’s Joey Muniz, aka The Security Blogger, to hear about his successful, real-life experiments in using social engineering to easily compromise high-profile targets. Attendees will learn about:

    • The dangers of insider threats
    • How attackers are leveraging social media to compromise targets
    • Best practices for defending network interiors from attackers with authentic credentials


  • Hunting for APT1 Inside Your Network
    April 03, 2013

    The release of Mandiant’s APT1 report describing computer network attacks tied to China was this year’s shot heard ‘round the world (so far) for cyber security. A number of organizations have released lists of technical indicators of compromise, such as IP addresses and Domain Names associated with these attacks. Lancope’s StealthWatch Labs research team has discovered and published additional indicators of APT1 that have not yet been published elsewhere.

    Of course, when indicators like these are published, you can assume that the attackers won’t be using them any more, and so real time monitoring for these addresses may not be valuable. StealthWatch provides a unique way to look back into past activity that has occurred on a computer network in search of evidence that these addresses were being accessed when they were still active. 

    Join this webinar to learn about Lancope’s research results and discover how to determine whether APT1 has successfully compromised your network. Lancope’s Director of Security Research, Tom Cross, will shed light on exactly what organizations should be looking for in light of this new research.


  • Internal Host Reputation for Combating Advanced Threats
    March 06, 2013

    With so many new threat actors out there, IP reputation is becoming increasingly critical for effectively combating attacks. Under today’s security paradigm, administrators need to know not only about the bad guys lurking on the Internet, but also about the ones operating inside the network perimeter.

    Lancope uniquely provides both internal and external host reputation, better preparing organizations to: combat APTs and insider threats, address BYOD challenges, and deliver actionable information for security teams.

    Join Lancope and learn how to leverage internal host reputation to uncover a wide range of suspicious user behaviors such as:

    • Sending out an unusual amount of traffic
    • Communicating with known, bad external hosts
    • Accessing restricted areas of the network
    • Spreading malware 

  • A New Approach for Evolving Cyber Threats
    November 16, 2012

    Featuring: Cisco and Lancope


    Participants will learn:

    • Why modern attacks cannot be thwarted by traditional, preventative controls
    • Why agencies are still getting breached despite investments in flow analysis, often without even knowing it
    • How to obtain the security context necessary to fend off today’s threats
    • How network analysis and visibility (NAV) tools like flow-based monitoring can detect attack activity prior to data exfiltration


  • Easing the Transition into IPv6 with NetFlow
    September 28, 2012

    Flow-based network monitoring solutions can help ease the transition to IPv6 by tracking how network devices and applications behave before, during and after the cutover, helping to mitigate any anomalies before they become a serious issue. Join Lancope to learn how NetFlow can help governments and enterprises make this important conversion.   

  • Securing Mobile Devices for BYOD Environments
    June 21, 2012

    Attendees will learn how to:

    • gain complete network visibility across all devices without having to install additional software or deploy expensive probes
    • detect anomalous behavior originating from users’ personal smartphones, tablets or laptops
    • quickly and easily uncover externally-launched, zero-day attacks, and internal threats – regardless of the device being used
    • deliver high levels of mobile performance

  • NetFlow for Virtual Monitoring to Improve Security, Network and Application Performance
    May 17, 2011

    Attendees will learn to use NetFlow to: 

    • Gain virtual visibility
    • Troubleshoot security, network and application performance faster
    • Enhance virtual network security
    • Track VMotion movement
    • Monitor intra-VM communications
    • Demonstrate compliance for virtual environments

  • Using NetFlow to Demonstrate PCI Compliance
    January 27, 2011

    Learn how, by collecting and analyzing NetFlow data from the network, administrators can gain unparalleled levels of visibility, accountability and measurability into both individual host and broad network communications required for maintaining ongoing PCI compliance.

